Supported Languages
6 min read
MCP Scanner uses tree-sitter for parsing source code into concrete syntax trees. This approach provides fast, accurate parsing across multiple languages without requiring the languages’ own compilers or interpreters to be installed.
Language Support Matrix
| Language | Support Level | File Extensions | Vulnerability Classes | Taint Analysis | MCP Surface Extraction |
|---|---|---|---|---|---|
| Python | Full | .py | A-N (all 14) | Yes (fast + deep) | Yes |
| TypeScript | Full | .ts, .tsx, .mts, .cts | A-N (all 14) | Yes (fast + deep) | Yes |
| JavaScript | Full | .js, .jsx, .mjs, .cjs | A-N (all 14) | Yes (fast + deep) | Yes |
| Go | Parsing Only | .go | Parsing only (rules in progress) | No | Partial |
Python
Support level: Full
Python is fully supported with complete detection across all 14 vulnerability classes.
File Extensions
| Extension | Description |
|---|---|
.py | Standard Python source files |
MCP SDKs Detected
mcp-scan recognizes MCP server patterns from popular Python SDKs, including tool decorators, resource handlers, and prompt definitions. It detects @tool, @mcp.tool(), and similar decorator patterns used to expose MCP functionality.
Detection Capabilities
- Pattern matching: Regular expressions targeting dangerous function calls such as shell command execution, dynamic evaluation, and unsafe subprocess usage
- Taint analysis: Tracks data flow from tool parameters through assignments, string formatting (f-strings,
.format()), and function calls to dangerous sinks - Sanitizer recognition: Identifies safe patterns like
shlex.quote(),os.path.basename(),html.escape(), and parameterized queries - Secret detection: Recognizes known prefixes (
sk-,AKIA,ghp_), high-entropy strings, and sensitive variable names
Language-Specific Considerations
- f-strings and
.format(): The scanner tracks taint through Python string interpolation, including nested f-string expressions - Decorators: Tool decorators are parsed to extract MCP surface information (tool names, descriptions, parameter types)
- Dynamic features: Dynamic import and evaluation functions are flagged as dangerous
- Virtual environments: Directories named
venv/and.venv/are excluded by default
Default Exclusions
The following paths are excluded from Python scanning by default:
exclude:
- "venv/**"
- ".venv/**"
- "**/*_test.py"
- "**/__pycache__/**"
TypeScript
Support level: Full
TypeScript is fully supported with complete detection across all 14 vulnerability classes. The scanner handles TypeScript-specific syntax including type annotations, generics, interfaces, and enums.
File Extensions
| Extension | Description |
|---|---|
.ts | Standard TypeScript source files |
.tsx | TypeScript with JSX (React components) |
.mts | ES module TypeScript files |
.cts | CommonJS TypeScript files |
MCP SDKs Detected
mcp-scan recognizes MCP server patterns from TypeScript SDKs, including method-based tool registration (server.tool(), server.resource()), decorator-based patterns, and class-based handler definitions.
Detection Capabilities
- Pattern matching: Detects dangerous child process operations, dynamic code evaluation, and other unsafe patterns in TypeScript syntax
- Taint analysis: Tracks data through TypeScript-specific constructs including type assertions, generics, and async/await
- Type awareness: Basic type resolution helps reduce false positives when types constrain possible values
- Template literals: Taint propagation through tagged and untagged template literals
Language-Specific Considerations
- Type assertions:
ascasts and angle-bracket casts do not break taint tracking - Optional chaining:
?.operator is handled correctly in taint propagation - Decorators: Both experimental decorators and TC39 decorators are parsed for MCP surface extraction
- Module resolution: Imports from relative paths and package names are resolved for cross-file analysis in deep mode
Default Exclusions
exclude:
- "node_modules/**"
- "dist/**"
- "build/**"
- "**/*.test.ts"
- "**/*.spec.ts"
- "**/*.d.ts"
JavaScript
Support level: Full
JavaScript is fully supported with complete detection across all 14 vulnerability classes. The scanner handles both CommonJS and ES module syntax.
File Extensions
| Extension | Description |
|---|---|
.js | Standard JavaScript source files |
.jsx | JavaScript with JSX (React components) |
.mjs | ES module JavaScript files |
.cjs | CommonJS JavaScript files |
MCP SDKs Detected
The same MCP SDK patterns detected for TypeScript apply to JavaScript, minus type annotations. Both CommonJS (require()) and ES module (import) patterns are recognized.
Detection Capabilities
- Pattern matching: Same dangerous patterns as TypeScript without type annotations
- Taint analysis: Tracks data through variable assignments, template literals, function calls, and destructuring
- Dynamic evaluation: Dangerous dynamic code evaluation patterns including string-based timer functions are detected
- Module systems: Both
require()(CommonJS) andimport(ES modules) are resolved for cross-file analysis
Language-Specific Considerations
- No type information: Without TypeScript types, some analysis is less precise; the scanner relies more heavily on pattern matching and data flow
- Minified files: Files matching
*.min.jsare excluded by default since they are build artifacts - Dynamic requires:
require(variable)is flagged under Class L (Lifecycle) as unsafe dynamic loading - Prototype pollution: While not a dedicated class, some patterns related to prototype manipulation are detected under other classes
Default Exclusions
exclude:
- "node_modules/**"
- "dist/**"
- "build/**"
- "**/*.min.js"
- "**/*.test.js"
- "**/*.spec.js"
Go
Support level: Parsing only
Go files are parsed using tree-sitter, and basic MCP surface extraction is available. However, vulnerability detection rules for Go are still in progress. Do not rely on Go scan results for certification decisions.
File Extensions
| Extension | Description |
|---|---|
.go | Standard Go source files |
Current Capabilities
- Parsing: Source files are parsed into syntax trees
- Surface extraction: Basic detection of MCP handler registrations
- No vulnerability rules: No pattern matching or taint analysis rules are active for Go
Roadmap
Full Go support is planned, which will include:
- Pattern matching rules for dangerous OS command execution, SQL without parameterization, and HTTP requests with user-controlled URLs
- Taint analysis through Go function calls, goroutine boundaries, and channel operations
- MCP SDK detection for Go-based MCP server frameworks
Default Exclusions
exclude:
- "vendor/**"
- "**/*_test.go"
Parser Details
tree-sitter
MCP Scanner uses tree-sitter Go bindings to parse source code. tree-sitter provides:
- Incremental parsing: Only changed portions of a file are re-parsed
- Error recovery: Parsing continues even when encountering syntax errors
- Concrete syntax trees: Full syntax tree preserving all tokens and whitespace
- Language agnostic: Same API across all supported languages
Build Requirement: CGO_ENABLED=1
tree-sitter requires CGO (C bindings from Go). You must build mcp-scan with CGO_ENABLED=1:
CGO_ENABLED=1 go build -o mcp-scan ./cmd/mcp-scan
The make build target sets this automatically. If you see errors like undefined: sitter.NewParser, check that CGO is enabled.
Parallel Parsing
mcp-scan parses files in parallel using a configurable worker pool. Each worker gets its own tree-sitter parser instance to avoid contention:
# Auto-detect CPU count (default)
mcp-scan scan . --workers 0
# Fixed worker count
mcp-scan scan . --workers 8
Configuring Language Inclusion
By default, mcp-scan discovers all files matching supported extensions. You can narrow the scope using the include and exclude options in .mcp-scan.yaml:
# Only scan Python files in src/
include:
- "src/**/*.py"
# Exclude test files
exclude:
- "**/*_test.py"
- "**/tests/**"
Or via CLI flags:
mcp-scan scan . --exclude "**/tests/**"
Multi-Language Projects
When scanning projects that mix languages (for example, a Python MCP server with a TypeScript frontend), mcp-scan processes all supported files and reports findings per language:
{
"summary": {
"by_language": {
"python": 8,
"typescript": 3
}
}
}
In deep mode, cross-file analysis follows imports within each language but does not cross language boundaries (for example, a Python function calling a TypeScript module is not tracked).